A recent data breach exposed 2.7 billion personal details of U.S. individuals, including their Social Security numbers.
The breach is linked to National Public Data, a company known for collecting information from undisclosed sources for background checks. The company has now acknowledged a “data security incident” in which names, emails, addresses, phone numbers, Social Security numbers, and mailing addresses were exposed.
National Public Data vaguely attributes the breach to a third-party malicious actor in its security incident report. The company says the actor attempted to hack into the company’s data in late December 2023, with “potential exposure of certain data” occurring in April 2024 and summer 2024. These statements suggest that the hackers were successful in breaking into the system.
In April, a threat actor identified as the US Department of Defense attempted to sell 2.9 billion records from the US, UK and Canada for $3.5 million that it claimed were stolen from national public data. Since then, portions of the data have been leaked online, with the latest release being particularly comprehensive and sensitive.
National Public Data said it was working with law enforcement to assess the impact of the breach and would “endeavor to notify” affected individuals “if further significant developments apply.”
The company urges those who may be affected to monitor their financial accounts for fraudulent activity, obtain a free credit report and consider placing a fraud alert on their file.
The company is already facing a class action lawsuit filed in early August, in which plaintiffs who were alerted by an identity theft protection service that their information had been posted on the dark web allege that National Public Data “failed to adequately safeguard and secure the personally identifiable information it collected and maintained as part of the ordinary course of business.”
